As the `get_current_active_user` dependency has as a sub-dependency on `get_current_user`, the scope `"me"` declared at `get_current_active_user` will be included in the list of required scopes in the `security_scopes.scopes` passed to `get_current_user`.

The *path operation* itself also declares a scope, `"items"`, so this will also be in the list of `security_scopes.scopes` passed to `get_current_user`.

Для этого используем `security_scopes.scopes`, содержащий `list` со всеми этими scopes как `str`.

{* ../../docs_src/security/tutorial005_an_py310.py hl[130:136] *}

## Дерево зависимостей и scopes { #dependency-tree-and-scopes }

Ещё раз рассмотрим дерево зависимостей и scopes.

## Abhängigkeitsbaum und Scopes { #dependency-tree-and-scopes }

Sehen wir uns diesen Abhängigkeitsbaum und die Scopes noch einmal an.

Da die Abhängigkeit `get_current_active_user` von `get_current_user` abhängt, wird der bei `get_current_active_user` deklarierte Scope `"me"` in die Liste der erforderlichen Scopes in `security_scopes.scopes` aufgenommen, das an `get_current_user` übergeben wird.

## Token JWT con scopes { #jwt-token-with-scopes }

Ahora, modifica la *path operation* del token para devolver los scopes solicitados.

Todavía estamos usando el mismo `OAuth2PasswordRequestForm`. Incluye una propiedad `scopes` con una `list` de `str`, con cada scope que recibió en el request.

Y devolvemos los scopes como parte del token JWT.

/// danger | Peligro

        data = {}
        data["scopes"] = []
        for scope in form_data.scopes:
            data["scopes"].append(scope)
        if form_data.client_id:
            data["client_id"] = form_data.client_id
        if form_data.client_secret:
            data["client_secret"] = form_data.client_secret
        return data
    ```

    Note that for OAuth2 the scope `items:read` is a single scope in an opaque string.

    return mod


def get_access_token(
    *, username="johndoe", password="secret", scope=None, client: TestClient
):
    data = {"username": username, "password": password}
    if scope:
        data["scope"] = scope
    response = client.post("/token", data=data)
    content = response.json()
    access_token = content.get("access_token")
    return access_token

     * {@return all enabled sources that provide files in the given language for the given scope}.
     * If the given scope is {@code null}, then this method returns the enabled sources for all scopes.
     * If the given language is {@code null}, then this method returns the enabled sources for all languages.
     * An arbitrary number of source roots may exist for the same scope and language.
     * It may be, for example, the case of a multi-versions project.

    }

    @Override
    public void setDependencyTrail(List<String> dependencyTrail) {
        this.dependencyTrail = dependencyTrail;
    }

    @Override
    public void setScope(String scope) {
        this.scope = scope;
    }

    @Override
    public VersionRange getVersionRange() {
        return versionRange;
    }

    @Override
    public void setVersionRange(VersionRange versionRange) {

        this.scopedVertices = scopedVertices;

        // scoped graph is versioned by definition
        if (scopedVertices) {
            versionedVertices = true;
        }
    }

    public ArtifactScopeEnum getScope() {
        return scope;
    }

    public void setScope(ArtifactScopeEnum scope) {
        this.scope = scope;
    }

### <abbr title="Geltungsbereich">`scope`</abbr> { #scope }

Ferner sagt die Spezifikation, dass der Client ein weiteres Formularfeld "`scope`" („Geltungsbereich“) senden kann.

Der Name des Formularfelds lautet `scope` (im Singular), tatsächlich handelt es sich jedoch um einen langen String mit durch Leerzeichen getrennten „Scopes“.

Jeder „Scope“ ist nur ein String (ohne Leerzeichen).